Bcrypt API

Simple API to help you check your password strategy.

Generate Hash from Password

Type a password, click 'Generate Hash' and we'll show you the bcrypt'd hash.
Provide a number between 4 and 10 (higher or lower values not permitted).
...

Check Password

Type a password, paste a bcrypt hash and we'll tell you if they match.
...
...

About

Use this site from inside your tests so that you can externally verify that your use of bcrypt is correct.

Important

Do not type any password that you currently use. This site is for experimentation and testing purposes only.

API

Generate Hash

Hit this endpoint to generate a hash from a password.

Firstly, set up an environment variable with the password:

$ PASSWORD=super-secret

Curl

$ curl --verbose --request POST --data "password=$PASSWORD" http://bcrypt.org/api/generate-hash.json
{"ok":true,"msg":"","password":"super-secret","hash":"$2a$06$q1hUUfwVhEAuxIHLyv9fOukjBUHtZBu7slIAOpwuflmwsquQFBJ.a","cost":6}

Wget

$ wget --post-data "password=$PASSWORD" http://bcrypt.org/api/generate-hash.json
$ cat generate-hash.json
{"ok":true,"msg":"","password":"super-secret","hash":"$2a$06$u91uvrUvSXl3yHJqsPdZdO6HQrIZvfYDHoj6123VYm37b.V5DUdDG","cost":6}

Check Password

Hit this endpoint to check your hash checks out for your password.

Firstly, set up two environment variables with the password and the hash to check against:

$ PASSWORD=super-secret
$ HASH='$2a$06$8DhuLEJC5PS8a8XfuvybUOqwLj4ykJ091lyVBF8R9GlYstIfZMjVm'

Curl

$ curl --verbose --request POST --data "hash=$HASH&password=$PASSWORD" http://bcrypt.org/api/check-password.json
{"ok":true,"msg":"","password":"super-secret","hash":"$2a$06$8DhuLEJC5PS8a8XfuvybUOqwLj4ykJ091lyVBF8R9GlYstIfZMjVm","cost":6}

Wget

$ wget --post-data "hash=$HASH&password=$PASSWORD" http://bcrypt.org/api/check-password.json
$ cat check-password.json
{"ok":true,"msg":"","password":"super-secret","hash":"$2a$06$8DhuLEJC5PS8a8XfuvybUOqwLj4ykJ091lyVBF8R9GlYstIfZMjVm","cost":6}